/[advisories]/6331.adv
ViewVC logotype

Contents of /6331.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 4937 - (show annotations) (download)
Mon Sep 19 09:32:29 2016 UTC (2 years, 8 months ago) by neoclust
File size: 1003 byte(s)
Fix subject
1 type: security
2 subject: Updated plexus-archiver package fixes security vulnerability
3 CVE:
4 - CVE-2012-2098
5 src:
6 3:
7 core:
8 - plexus-archiver-2.3-1.1.mga3
9 description: |
10 Algorithmic complexity vulnerability in the sorting algorithms in bzip2
11 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress
12 before 1.4.1 allows remote attackers to cause a denial of service (CPU
13 consumption) via a file with many repeating inputs (CVE-2012-2098).
14
15 plexus-archiver used an embedded copy of the affected code from Apache
16 Commons Compress, and therefore was affected by this. It has been patched
17 to use the apache-commons-compress package, in which this issue has already
18 been fixed, for bzip2 compression and decompression.
19 references:
20 - https://bugs.mageia.org/show_bug.cgi?id=6331
21 - https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html
22 - https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html
23 ID: MGASA-2014-0056

  ViewVC Help
Powered by ViewVC 1.1.26